How cryptocurrency is shaping today’s threat environment

Cryptocurrency has exploded as a popular way to support digital transactions. Since its creation, users have discovered an array of different ways to leverage cryptocurrency, including mining strategies and digital wallets.

Expanded use cases and interest helped propel the value of digital currency like Bitcoin. At the time of this writing, the market price for Bitcoin stood at over $9,450, with a market trade volume of more than $8.5 million, though the value of Bitcoin has fluctuated wildly over the past few months.

At the same time, however, a digital currency that is untraceable and not linked to any specific banking organization has also held considerable appeal for hackers. Alongside legitimate uses and mining, cybercriminals have taken advantage of cryptocurrency, and this use is shaping the current threat environment.

The appeal of cryptocurrency

While many consider 2017 to be the year that cryptocurrency crossed over into the mainstream, individuals have actually been using Bitcoin and other types of cryptocurrency for several years now, representing a main driving force behind the blockchain concept.

At its most basic, cryptocurrency can be thought of as digital or electronic money. However, a main differentiating factor between cryptocurrency and other digital transactions is the fact that currencies like Bitcoin don’t require the verification or backing of a central bank or financial service provider.

Cryptocurrency offers numerous benefits for white hat users, including streamlined digital transactions and increased privacy. These same types of advantages, however, also appealed to hackers who saw Bitcoin and other cryptocurrencies as the ideal element to support malicious infections like ransomware. The fact that the currency supports certain privacy benefits also makes it ideal for enabling payments that cannot be tracked back to the malicious actor behind an infection – and that’s just how cybercriminals have leveraged it.

As Dr. Kevin Curran, Ulster University professor of cybersecurity, told The Guardian contributor Simon Usborne, the level of anonymity cryptocurrency enables was a capability that hackers struggled with previously.

“The odd hacker here or there could deliver a message to send money via Western Union or to a bank account, but that transfer was always traceable once the authorities were involved,” Curran said.

This all considerably changed with the emergence of cryptocurrency, which, as Usborne pointed out, provides specific advantages that attracted hackers’ attention.

“It offers two major advantages for cybercriminals: by operating as a decentralized currency, in which people pay each other without a middleman (like a bank or credit card company), it provides a lot of anonymity,” Usborne wrote.

Supporting ransomware: Wallet hacking

One of the best examples of cryptocurrency shaping today’s threat environment comes in connection with the veritable tidal wave of ransomware attacks that have taken place in recent years. These attacks include strong encryption to block legitimate user access as well as a ransom demanding payment in the form of untraceable cryptocurrency for the decryption key. In this way, Bitcoin and cryptocurrency led to the significant rise and continued success of malicious ransomware infections.

As Trend Micro reported, hackers have even begun upcycling older ransomware threats to include new cryptocurrency-centered malicious capabilities. One instance is the Cerber ransomware family, which has seen developments in the past. Most recently, hackers have leveraged Cerber for cryptocurrency theft.

A current Cerber infection still includes many familiar elements: infection typically begins with a malicious emailed file attachment which delivers the Cerber variant. This newest version enables the ransomware to target Bitcoin wallets, in addition to encrypting and blocking access to files.

“How it goes about this is relatively simple: it targets the wallet files of three Bitcoin wallet applications (the first-party Bitcoin Core wallet, and the third-party wallets Electrum and Multibit),” Trend Micro researchers Gilbert Sison and Janus Agcaoili wrote. “It also deletes the wallet files once they have been sent to the servers, adding to the injury of victims.”

Successful theft would still require hackers to steal, guess or otherwise breach the password protection on the victim’s wallet. However, because Cerber is able to steal saved passwords from Internet Explorer, Chrome and Firefox, this isn’t a difficult jump for hackers to make.

Cryptocurrency is attractive to cybercriminals and has shaped the current threat landscape.

This ransomware-driven cryptocurrency wallet hacking comes on top of other attempts to break into victims’ cryptocurrency repositories. This has become a popular pursuit, with wallets being treated as low-hanging fruit for hackers who know the currency can’t be traced.

As Fortune reported, though, particularly flagrant attackers that steal the contents of digital wallets are now being uncovered. One Ukrainian hacker called Coinhoarder has been identified as having stolen over $50 million in cryptocurrency using a tactic involving malicious Google advertisements targeting individuals who search for keywords like “blockchain” or “bitcoin wallet.” The ads, purchased by hackers, display links to websites that pose as legitimate marketplaces for cryptocurrency wallets but actually steal digital currency.

“Fooled into believing they had come to the right place, victims then entered private information that allowed hackers to gain access to their actual wallets and take their digital money,” explained Fortune contributor Jen Wieczner.

As cryptocurrency continues to explode in popularity among consumers and other users, chances are very good that attempts to steal from cryptocurrency wallets will continue in the near future.

Cryptocurrency mining: Coming to mobile

Supporting ransomware and digital wallet theft aren’t the only ways in which cryptocurrency has shifted the current threat landscape. Hackers are also working to take advantage of the recent cryptocurrency mining push, which essentially rewards users with cryptocurrency for adding blocks of amassed transactions to the blockchain, a publicly distributed ledger.

As Trend Micro reported in its 2017 Annual Security Roundup report, hackers have even attempted to bring cryptocurrency mining capabilities to the mobile malware environment. Trend Micro discovered several malicious cryptocurrency mining apps in the Google Play store in the fall of 2017. These apps leverage the victim device’s CPU for mining activity that benefits the hacker.